What is claimed is:

1. A public key authentication system for use in a computer system having a
plurality of users, the system comprising: 
a virtual smart card server; 

storage connected to the virtual smart card server, wherein the storage includes a 
plurality of virtual smart cards, wherein each virtual smart card is associated with a user 
and wherein each smart card includes a private key; and

a virtual smart card agent connected to the virtual smart card server, wherein the 
virtual smart card agent authenticates the user and accesses the authenticated user's 
virtual smart card to obtain the user's private key.

2. The public key authentication system according to claim 1, wherein the virtual
smart card agent includes an interface to a smart-card-enabled application. 

3. The public key authentication system according to claim 2, wherein the virtual
smart card server performs encryption in response to a remote call from the interface. 

4. The public key authentication system according to claim 2, wherein the virtual 
smart card server performs signing in response to a remote call from the interface. 

5. The public key authentication system according to claim 2, wherein the virtual 
smart card server performs key management functions in response to a remote call from
the interface. 

6. The public key authentication system according to claim 1, wherein the public
key authentication system further includes an authentication server connected to the
virtual smart card agent and wherein the virtual smart card agent authenticates the user
through interaction with the authentication server. 

7. The public key authentication system according to claim 1, wherein the public
key authentication system further includes an authentication server connected to the
virtual smart card server and wherein the virtual smart card agent authenticates the user
through interaction with the authentication server. 

8. The public key authentication system according to claim 1, wherein the virtual
smart card agent communicates with the virtual smart card server over an agent-server
transport layer. 

9. The public key authentication system according to claim 1, wherein the virtual
smart card agent communicates with the virtual smart card server over a secure TCP/IP 
session. 

10. A method of authenticating users, including a first user, attempting to access a
computer system, the method comprising: 

assigning first and second keys to each user, wherein the first and second key
form a public/private key pair; 

issuing a digital certificate to the first user, wherein the digital certificate is 
associated with the second key assigned to the first user;

entering a one-time password; 

encrypting the one-time password with the first key assigned to the first user to 
form an encrypted one-time password;

verifying that the digital certificate issued to the first user was signed by a 
recognized certificate authority; 

accessing, via the digital certificate, the second key assigned to the first user; 

decrypting the encrypted one-time password with the second key associated with
the digital certificate to recover the one-time password; and 

comparing the one-time password against an expected one-time password.

11. The method according to claim 10, wherein the first key is a private key and the
second key is a public key.

12. The method according to claim 10, wherein verifying that the digital certificate 
issued to the first user was signed by a recognized certificate authority includes 
accessing a CRL to determine if the certificate has been revoked. 

13. A computer-readable medium comprising program code which executes the 
method of claim l\ 

14. A public key authentication system for use in a computer system having a
plurality of users, the system comprising: 

an authentication server; 

a directory service connected to the authentication server, wherein the directory
service includes a plurality of public keys, wherein each public key is associated with a
unique user identifier; and

a host system, wherein the host system includes a public key authentication 
client and an interface to a smart-card-enabled application, wherein the public key
authentication client is connected to the authentication server; 

wherein the public key authentication client receives a challenge issued by the 
authentication server, signs the challenge with a digital signature representing a user and 
sends the digital signature of the challenge back to the authentication server; and 

wherein the authentication server receives the digital signature of the challenge 
and verifies the digital signature with a public key retrieved from the directory service. 

15. The public key authentication system according to claim 14, wherein the 
authentication server includes role-based access control. 

16. The public key authentication system according to claim 14, wherein the
authentication server includes automatic logging of authentication attempts. 
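
The challenge-response exchange of claim 14, with the attempt logging of claim 16, as an added Go sketch that is not part of the claims or of any implementation by the applicant. It assumes Ed25519 signatures and an in-memory map in place of the directory service; `AuthServer`, `signedMessage` and the user "alice" are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// AuthServer is a hypothetical model of the claimed authentication server.
// Directory stands in for the directory service; Log records every attempt.
type AuthServer struct {
	Directory map[string]ed25519.PublicKey // unique user identifier -> public key
	pending   map[string][]byte            // outstanding challenge per user, single use
	Log       []string
}

// signedMessage binds a signature to both the user identifier and the challenge.
func signedMessage(user string, challenge []byte) []byte {
	return append([]byte(user+"\x00"), challenge...)
}

// Challenge issues a fresh random 32-byte challenge and remembers it for the user.
func (s *AuthServer) Challenge(user string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Verify consumes the pending challenge, so a captured signature cannot be replayed.
func (s *AuthServer) Verify(user string, sig []byte) bool {
	challenge, issued := s.pending[user]
	delete(s.pending, user)
	pub, known := s.Directory[user]
	ok := issued && known && ed25519.Verify(pub, signedMessage(user, challenge), sig)
	s.Log = append(s.Log, fmt.Sprintf("user=%q ok=%t", user, ok)) // %q keeps log lines intact
	return ok
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed sample key pair
	srv := &AuthServer{Directory: map[string]ed25519.PublicKey{"alice": pub}, pending: map[string][]byte{}}
	c, _ := srv.Challenge("alice")
	sig := ed25519.Sign(priv, signedMessage("alice", c)) // client side: sign the challenge
	fmt.Println(srv.Verify("alice", sig), srv.Verify("alice", sig)) // second Verify is a replay
	fmt.Println(srv.Log)
}
```

Failed and successful attempts are both logged, and an unknown user identifier is rejected without ever reaching signature verification.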